Cyber resilience: how you can help
The Cyber Resilience Act (CRA) and Radio Equipment Directive (RED) are proving to be huge challenges for manufacturers. EFCEM needs your input to highlight industry concerns
Digitalization and connectivity remain hot topics in the foodservice equipment industry, but cybersecurity requirements to meet the pending Cyber Resilience Act (CRA) and Radio Equipment Directive (RED) – Delegated Regulation (EU) 2022/30 – are proving to be an enormous challenge for manufacturers. It is, inevitably, particularly difficult for small and medium-sized companies to bear. Your feedback can help though. Here's how.
The regulation for CRA came into force on 10 December 2024, with reporting obligations required from 11 September 2026, while all requirements of the Act must be fulfilled by 11 December 2027. The Act has three main purposes: it sets security requirements for all products with digital elements; it mandates risk management for cybersecurity threats; and it requires security updates throughout a product's expected lifespan (a minimum of five years). Its scope differentiates between products with 'digital elements, important products, and critical products', and details cybersecurity requirements and vulnerability treatment.
The purpose of RED is twofold: it introduces cybersecurity requirements for radio equipment, while its key areas address network integrity, personal data protection, and fraud prevention. In August 2024, final versions of the standards for RED were published, while compliance required for affected devices will begin on 1 August 2025.
How EFCEM and Orgalim can help with the burden
During a meeting in early December 2024, EFCEM's Working Group concerned with digitalization and connectivity highlighted the extent to which meeting those requirements will prove to be, especially for small and medium-sized companies in the commercial kitchen industry. But help is at hand.
EFCEM's partner Orgalim, which represents Europe's technology industries and is comprised of 770,000 companies, is currently collecting feedback to highlight these challenges with the aim – by the end of the year – to show the high burden of certain digital regulations such as CRA and RED to regulators.
To that end, EFCEM is requesting its members to send it examples of specific challenges being faced by the industry relating to CRA and RED. These examples should be directed as soon as possible to Andy Threlfall, FEA Convenor for Working Group 1&4 (BIM & Connectivity).
Please send examples to Andy at: andy.threlfall@fea.org.uk .